diff options
author | Hyosun Kim <hyosunkim@google.com> | 2022-06-09 00:19:33 +0000 |
---|---|---|
committer | Hyosun Kim <hyosunkim@google.com> | 2022-06-09 00:19:33 +0000 |
commit | 43f1ed290eeb193a1ab9178ab6a1b624cab54333 (patch) | |
tree | 533592e9e26d67071c0086b4f87bd0de8f223c77 | |
parent | 9811e9a16e4c0be4c88023f4e322a5d0d372ffb5 (diff) | |
download | telephony-43f1ed290eeb193a1ab9178ab6a1b624cab54333.tar.gz |
Revert "To read the Group UUID, the Caller must also have the US..."
Revert "To read the Group UUID, the Caller must also have the US..."
Revert submission 17956544-group_uuid
Reason for revert: Bug: 235395006
Reverted Changes:
Iaa5493679:To read the Group UUID, the Caller must also have ...
Ic635126db:To read the Group UUID, the Caller must also have ...
Ia134265c2:To read the Group UUID, the Caller must also have ...
Change-Id: Ie80e7d8e04d2008fa4e97f997ab2050d31367895
-rw-r--r-- | src/java/com/android/internal/telephony/SubscriptionController.java | 61 | ||||
-rw-r--r-- | tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java | 94 |
2 files changed, 24 insertions, 131 deletions
diff --git a/src/java/com/android/internal/telephony/SubscriptionController.java b/src/java/com/android/internal/telephony/SubscriptionController.java index e25cbce82c..0110f60bc2 100644 --- a/src/java/com/android/internal/telephony/SubscriptionController.java +++ b/src/java/com/android/internal/telephony/SubscriptionController.java @@ -28,9 +28,6 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.app.AppOpsManager; import android.app.PendingIntent; -import android.app.compat.CompatChanges; -import android.compat.annotation.ChangeId; -import android.compat.annotation.EnabledSince; import android.compat.annotation.UnsupportedAppUsage; import android.content.ContentResolver; import android.content.ContentValues; @@ -170,15 +167,6 @@ public class SubscriptionController extends ISub.Stub { // Allows test mocks to avoid SELinux failures on invalidate calls. private static boolean sCachingEnabled = true; - /** - * Apps targeting on Android T and beyond will get exception if there is no - * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} permission - * when calling SubscriptionManager#getSubscriptionsInGroup. - */ - @ChangeId - @EnabledSince(targetSdkVersion = Build.VERSION_CODES.TIRAMISU) - public static final long REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID = 213902861L; - // Each slot can have multiple subs. private static class WatchedSlotIndexToSubIds { private Map<Integer, ArrayList<Integer>> mSlotIndexToSubIds = new ConcurrentHashMap<>(); @@ -473,11 +461,10 @@ public class SubscriptionController extends ISub.Stub { /** * Returns whether the {@code callingPackage} has access to subscriber identifiers on the * specified {@code subId} using the provided {@code message} in any resulting - * SecurityException. {@code throwException} flag to indicate if throw exception. + * SecurityException. */ private boolean hasSubscriberIdentifierAccess(int subId, String callingPackage, - String callingFeatureId, String message, boolean reportFailure, - boolean throwException) { + String callingFeatureId, String message, boolean reportFailure) { try { return TelephonyPermissions.checkCallingOrSelfReadSubscriberIdentifiers(mContext, subId, callingPackage, callingFeatureId, message, reportFailure); @@ -485,9 +472,6 @@ public class SubscriptionController extends ISub.Stub { // A SecurityException indicates that the calling package is targeting at least the // minimum level that enforces identifier access restrictions and the new access // requirements are not met. - if (throwException) { - throw e; - } return false; } } @@ -3965,21 +3949,10 @@ public class SubscriptionController extends ISub.Stub { * Get subscriptionInfo list of subscriptions that are in the same group of given subId. * See {@link #createSubscriptionGroup(int[], String)} for more details. * - * Caller must have {@link android.Manifest.permission#READ_PHONE_STATE} - * or carrier privilege permission on the subscription. + * Caller will either have {@link android.Manifest.permission#READ_PHONE_STATE} + * permission or had carrier privilege permission on the subscription. * {@link TelephonyManager#hasCarrierPrivileges(int)} * - * <p>Starting with API level 33, the caller needs the additional permission - * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} - * to get the list of subscriptions associated with a group UUID. - * This method can be invoked if one of the following requirements is met: - * <ul> - * <li>If the app has carrier privilege permission. - * {@link TelephonyManager#hasCarrierPrivileges()} - * <li>If the app has {@link android.Manifest.permission#READ_PHONE_STATE} and - * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} permission. - * </ul> - * * @throws SecurityException if the caller doesn't meet the requirements * outlined above. * @@ -4007,29 +3980,15 @@ public class SubscriptionController extends ISub.Stub { } return subInfoList.stream().filter(info -> { - int subId = info.getSubscriptionId(); - boolean permission = checkPermissionForGroupUuid(subId, callingPackage, - callingFeatureId, Binder.getCallingUid()); if (!groupUuid.equals(info.getGroupUuid())) return false; - return permission || info.canManageSubscription(mContext, callingPackage); + int subId = info.getSubscriptionId(); + return TelephonyPermissions.checkCallingOrSelfReadPhoneState(mContext, subId, + callingPackage, callingFeatureId, "getSubscriptionsInGroup") + || info.canManageSubscription(mContext, callingPackage); }).map(subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo, callingPackage, callingFeatureId, "getSubscriptionsInGroup")) .collect(Collectors.toList()); - } - private boolean checkPermissionForGroupUuid(int subId, String callingPackage, - String callingFeatureId, int uid) { - if (!TelephonyPermissions.checkCallingOrSelfReadPhoneState(mContext, subId, - callingPackage, callingFeatureId, "getSubscriptionsInGroup")) { - return false; - } - - if (CompatChanges.isChangeEnabled( - REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID, uid)) { - return hasSubscriberIdentifierAccess(subId, callingPackage, - callingFeatureId, "getSubscriptionsInGroup", true, true); - } - return true; } /** @@ -4343,7 +4302,7 @@ public class SubscriptionController extends ISub.Stub { if (canReadPhoneState) { canReadIdentifiers = hasSubscriberIdentifierAccess( SubscriptionManager.INVALID_SUBSCRIPTION_ID, callingPackage, - callingFeatureId, "getSubscriptionInfoList", false, false); + callingFeatureId, "getSubscriptionInfoList", false); canReadPhoneNumber = hasPhoneNumberAccess( SubscriptionManager.INVALID_SUBSCRIPTION_ID, callingPackage, callingFeatureId, "getSubscriptionInfoList"); @@ -4395,7 +4354,7 @@ public class SubscriptionController extends ISub.Stub { SubscriptionInfo result = subInfo; int subId = subInfo.getSubscriptionId(); boolean hasIdentifierAccess = hasSubscriberIdentifierAccess(subId, callingPackage, - callingFeatureId, message, true, false); + callingFeatureId, message, true); boolean hasPhoneNumberAccess = hasPhoneNumberAccess(subId, callingPackage, callingFeatureId, message); return conditionallyRemoveIdentifiers(subInfo, hasIdentifierAccess, hasPhoneNumberAccess); diff --git a/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java b/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java index 5058aa0487..5ac0b9b652 100644 --- a/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java +++ b/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java @@ -17,7 +17,6 @@ package com.android.internal.telephony; import static android.telephony.TelephonyManager.SET_OPPORTUNISTIC_SUB_REMOTE_SERVICE_EXCEPTION; -import static com.android.internal.telephony.SubscriptionController.REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID; import static com.android.internal.telephony.uicc.IccCardStatus.CardState.CARDSTATE_PRESENT; import static org.junit.Assert.assertEquals; @@ -34,9 +33,7 @@ import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.atLeast; -import static org.mockito.Mockito.doNothing; import static org.mockito.Mockito.doReturn; -import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.times; @@ -44,7 +41,6 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import android.Manifest; -import android.compat.testing.PlatformCompatChangeRule; import android.content.ContentResolver; import android.content.ContentValues; import android.content.Intent; @@ -72,14 +68,9 @@ import com.android.internal.telephony.uicc.IccCardStatus; import com.android.internal.telephony.uicc.UiccController; import com.android.internal.telephony.uicc.UiccSlot; -import libcore.junit.util.compat.CoreCompatChangeRule.DisableCompatChanges; -import libcore.junit.util.compat.CoreCompatChangeRule.EnableCompatChanges; - import org.junit.After; import org.junit.Before; -import org.junit.Rule; import org.junit.Test; -import org.junit.rules.TestRule; import org.mockito.ArgumentCaptor; import java.util.ArrayList; @@ -117,9 +108,6 @@ public class SubscriptionControllerTest extends TelephonyTest { private static final String DISPLAY_NUMBER = "123456"; private static final String DISPLAY_NAME = "testing_display_name"; - @Rule - public TestRule mCompatChangeRule = new PlatformCompatChangeRule(); - @Before public void setUp() throws Exception { super.setUp(getClass().getSimpleName()); @@ -1080,7 +1068,6 @@ public class SubscriptionControllerTest extends TelephonyTest { @Test @SmallTest - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) public void testAddSubscriptionIntoGroupWithCarrierPrivilegePermission() throws Exception { testInsertSim(); // Adding a second profile and mark as embedded. @@ -1132,7 +1119,6 @@ public class SubscriptionControllerTest extends TelephonyTest { @Test @SmallTest - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) public void testUpdateSubscriptionGroupWithCarrierPrivilegePermission() throws Exception { testInsertSim(); // Adding a second profile and mark as embedded. @@ -1254,7 +1240,6 @@ public class SubscriptionControllerTest extends TelephonyTest { @Test @SmallTest - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) public void testSetSubscriptionGroup() throws Exception { testInsertSim(); // Adding a second profile and mark as embedded. @@ -1689,81 +1674,42 @@ public class SubscriptionControllerTest extends TelephonyTest { } @Test - @DisableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) - public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception { - // For backward compatibility test - ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest(); - setupReadPhoneNumbersTest(); - setIdentifierAccess(false); - - List<SubscriptionInfo> subInfoList = mSubscriptionControllerUT.getSubscriptionsInGroup( - groupUuid, mCallingPackage, mCallingFeature); - - assertTrue(subInfoList.size() > 0); - for (SubscriptionInfo info : subInfoList) { - assertEquals(UNAVAILABLE_ICCID, info.getIccId()); - assertEquals(UNAVAILABLE_ICCID, info.getCardString()); - assertEquals(UNAVAILABLE_NUMBER, info.getNumber()); - } - } - - @Test - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) - public void testGetSubscriptionsInGroupWithoutAppropriatePermission() throws Exception { + public void testGetSubscriptionsInGroupWithNoPermission() throws Exception { + // If the calling package does not have the READ_PHONE_STATE permission or carrier + // privileges then getSubscriptionsInGroup should throw a SecurityException when the + // READ_PHONE_STATE permission check is performed. ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest(); + mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL); - // no permission - setNoPermission(); try { mSubscriptionControllerUT.getSubscriptionsInGroup(groupUuid, mCallingPackage, mCallingFeature); fail("getSubscriptionsInGroup should fail when invoked with no permissions"); } catch (SecurityException expected) { } - - // only has the USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission - setIdentifierAccess(true); - try { - mSubscriptionControllerUT.getSubscriptionsInGroup(groupUuid, mCallingPackage, - mCallingFeature); - fail("getSubscriptionsInGroup should fail when invoked with no" - + "READ_PHONE_STATE permissions"); - } catch (SecurityException expected) { - } - - // only has the READ_PHONE_STATE permission - setIdentifierAccess(false); - setReadPhoneState(); - try { - mSubscriptionControllerUT.getSubscriptionsInGroup(groupUuid, mCallingPackage, - mCallingFeature); - fail("getSubscriptionsInGroup should fail when invoked with no " - + "USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permissions"); - } catch (SecurityException expected) { - } } @Test - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) - public void testGetSubscriptionsInGroupWithReadDeviceIdentifier() throws Exception { + public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception { + // If the calling package only has the READ_PHONE_STATE permission then + // getSubscriptionsInGroup should still return the list of SubscriptionInfo objects + // but the ICC ID should not be available via getIccId or getCardString. ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest(); - setNoPermission(); - setCarrierPrivileges(false); - setIdentifierAccess(true); - setReadPhoneState(); + setupReadPhoneNumbersTest(); + setIdentifierAccess(false); List<SubscriptionInfo> subInfoList = mSubscriptionControllerUT.getSubscriptionsInGroup( groupUuid, mCallingPackage, mCallingFeature); assertTrue(subInfoList.size() > 0); for (SubscriptionInfo info : subInfoList) { - assertTrue(info.getIccId().length() > 0); - assertTrue(info.getCardString().length() > 0); + assertEquals(UNAVAILABLE_ICCID, info.getIccId()); + assertEquals(UNAVAILABLE_ICCID, info.getCardString()); + assertEquals(UNAVAILABLE_NUMBER, info.getNumber()); } } @Test - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) public void testGetSubscriptionInGroupWithPhoneNumberAccess() throws Exception { // If the calling package meets any of the requirements for the // LegacyPermissionManager#checkPhoneNumberAccess test then the number should be available @@ -1781,7 +1727,6 @@ public class SubscriptionControllerTest extends TelephonyTest { } @Test - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) public void testGetSubscriptionsInGroupWithCarrierPrivileges() throws Exception { // If the calling package has the READ_PRIVILEGED_PHONE_STATE permission or carrier // privileges the ICC ID should be available in the SubscriptionInfo objects in the List. @@ -1799,7 +1744,6 @@ public class SubscriptionControllerTest extends TelephonyTest { } @Test - @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID}) public void testGetSubscriptionsInGroupWithPrivilegedPermission() throws Exception { // If the calling package has the READ_PRIVILEGED_PHONE_STATE permission or carrier // privileges the ICC ID should be available in the SubscriptionInfo objects in the List. @@ -2079,14 +2023,4 @@ public class SubscriptionControllerTest extends TelephonyTest { assertTrue(mSubscriptionControllerUT.checkPhoneIdAndIccIdMatch(0, "test2")); assertFalse(mSubscriptionControllerUT.checkPhoneIdAndIccIdMatch(0, "test3")); } - - private void setNoPermission() { - doThrow(new SecurityException()).when(mContext) - .enforcePermission(anyString(), anyInt(), anyInt(), anyString()); - } - - private void setReadPhoneState() { - doNothing().when(mContext).enforcePermission( - eq(android.Manifest.permission.READ_PHONE_STATE), anyInt(), anyInt(), anyString()); - } } |